# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.users_group

~~~~~~~~~~~~~~~~~~~~~~~~~~~

user group model for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Oct 1, 2011

:author: nvinot, marcink

"""

import logging

import traceback

from kallithea.model import BaseModel

from kallithea.model.db import UserGroupMember, UserGroup,\

    UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm,\

    UserGroupUserGroupToPerm

from kallithea.lib.exceptions import UserGroupsAssignedException,\

    RepoGroupAssignmentError

log = logging.getLogger(__name__)

class UserGroupModel(BaseModel):

    cls = UserGroup

    def _get_user_group(self, user_group):

        return self._get_instance(UserGroup, user_group,

                                  callback=UserGroup.get_by_group_name)

    def _create_default_perms(self, user_group):

        # create default permission

        default_perm = 'usergroup.read'

        def_user = User.get_default_user()

        for p in def_user.user_perms:

            if p.permission.permission_name.startswith('usergroup.'):

                default_perm = p.permission.permission_name

                break

        user_group_to_perm = UserUserGroupToPerm()

        user_group_to_perm.permission = Permission.get_by_key(default_perm)

        user_group_to_perm.user_group = user_group

        user_group_to_perm.user_id = def_user.user_id

        return user_group_to_perm

    def _update_permissions(self, user_group, perms_new=None,

                            perms_updates=None):

        from kallithea.lib.auth import HasUserGroupPermissionAny

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        # update permissions

        for member, perm, member_type in perms_updates:

            if member_type == 'user':

                # this updates existing one

                self.grant_user_permission(

                    user_group=user_group, user=member, perm=perm

                )

            else:

                #check if we have permissions to alter this usergroup

                if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',

                                             'usergroup.admin')(member):

                    self.grant_user_group_permission(

                        target_user_group=user_group, user_group=member, perm=perm

                    )

        # set new permissions

        for member, perm, member_type in perms_new:

            if member_type == 'user':

                self.grant_user_permission(

                    user_group=user_group, user=member, perm=perm

                )

            else:

                #check if we have permissions to alter this usergroup

                if HasUserGroupPermissionAny('usergroup.read', 'usergroup.write',

                                             'usergroup.admin')(member):

                    self.grant_user_group_permission(

                        target_user_group=user_group, user_group=member, perm=perm

                    )

    def get(self, user_group_id, cache=False):

        return UserGroup.get(user_group_id)

    def get_group(self, user_group):

        return self._get_user_group(user_group)

    def get_by_name(self, name, cache=False, case_insensitive=False):

        return UserGroup.get_by_group_name(name, cache, case_insensitive)

    def create(self, name, description, owner, active=True, group_data=None):

        try:

            new_user_group = UserGroup()

            new_user_group.user = self._get_user(owner)

            new_user_group.users_group_name = name

            new_user_group.user_group_description = description

            new_user_group.users_group_active = active

            if group_data:

                new_user_group.group_data = group_data

            self.sa.add(new_user_group)

            perm_obj = self._create_default_perms(new_user_group)

            self.sa.add(perm_obj)

            self.grant_user_permission(user_group=new_user_group,

                                       user=owner, perm='usergroup.admin')

            return new_user_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def update(self, user_group, form_data):

        try:

            user_group = self._get_user_group(user_group)

            for k, v in form_data.items():

                if k == 'users_group_members':

                    user_group.members = []

                    self.sa.flush()

                    members_list = []

                    if v:

                        v = [v] if isinstance(v, basestring) else v

                        for u_id in set(v):

                            member = UserGroupMember(user_group.users_group_id, u_id)

                            members_list.append(member)

                    setattr(user_group, 'members', members_list)

                setattr(user_group, k, v)

            self.sa.add(user_group)

        except Exception:

            log.error(traceback.format_exc())

            raise

    def delete(self, user_group, force=False):

        """

        raises exception if there are members in that group, else deletes

        group and users

        :param user_group:

        :param force:

        """

        user_group = self._get_user_group(user_group)

        try:

            # check if this group is not assigned to repo

            assigned_groups = UserGroupRepoToPerm.query()\

                .filter(UserGroupRepoToPerm.users_group == user_group).all()

            if assigned_groups and not force:

                raise UserGroupsAssignedException(

            self.sa.delete(user_group)

        except Exception:

            log.error(traceback.format_exc())

            raise

    def add_user_to_group(self, user_group, user):

        user_group = self._get_user_group(user_group)

        user = self._get_user(user)

        for m in user_group.members:

            u = m.user

            if u.user_id == user.user_id:

                # user already in the group, skip

                return True

        try:

            user_group_member = UserGroupMember()

            user_group_member.user = user

            user_group_member.users_group = user_group

            user_group.members.append(user_group_member)

            user.group_member.append(user_group_member)

            self.sa.add(user_group_member)

            return user_group_member

        except Exception:

            log.error(traceback.format_exc())

            raise

    def remove_user_from_group(self, user_group, user):

        user_group = self._get_user_group(user_group)

        user = self._get_user(user)

        user_group_member = None

        for m in user_group.members:

            if m.user.user_id == user.user_id:

                # Found this user's membership row

                user_group_member = m

                break

        if user_group_member:

            try:

                self.sa.delete(user_group_member)

                return True

            except Exception:

                log.error(traceback.format_exc())

                raise

        else:

            # User isn't in that group

            return False

    def has_perm(self, user_group, perm):

        user_group = self._get_user_group(user_group)

        perm = self._get_perm(perm)

        return UserGroupToPerm.query()\

            .filter(UserGroupToPerm.users_group == user_group)\

            .filter(UserGroupToPerm.permission == perm).scalar() is not None

    def grant_perm(self, user_group, perm):

        user_group = self._get_user_group(user_group)

        perm = self._get_perm(perm)

        # if this permission is already granted skip it

        _perm = UserGroupToPerm.query()\

            .filter(UserGroupToPerm.users_group == user_group)\

            .filter(UserGroupToPerm.permission == perm)\

            .scalar()

        if _perm:

            return

        new = UserGroupToPerm()

        new.users_group = user_group

        new.permission = perm

        self.sa.add(new)

        return new

    def revokehas_permrevoke_permgrant_perm_perm(self, user_group, perm):

        user_group = self._get_user_group(user_group)

        perm = self._get_perm(perm)

        obj = UserGroupToPerm.query()\

            .filter(UserGroupToPerm.users_group == user_group)\

            .filter(UserGroupToPerm.permission == perm).scalar()

        if obj:

            self.sa.delete(obj)

    def grant_user_permission(self, user_group, user, perm):

        """

        Grant permission for user on given user group, or update

        existing one if found

        :param user_group: Instance of UserGroup, users_group_id,

            or users_group_name

        :param user: Instance of User, user_id or username

        :param perm: Instance of Permission, or permission_name

        """

        user_group = self._get_user_group(user_group)

        user = self._get_user(user)

        permission = self._get_perm(perm)

        # check if we have that permission already

        obj = self.sa.query(UserUserGroupToPerm)\

            .filter(UserUserGroupToPerm.user == user)\

            .filter(UserUserGroupToPerm.user_group == user_group)\

            .scalar()

        if obj is None:

            # create new !

            obj = UserUserGroupToPerm()

        obj.user_group = user_group

        obj.user = user

        obj.permission = permission

        self.sa.add(obj)

        log.debug('Granted perm %s to %s on %s' % (perm, user, user_group))

        return obj

    def revoke_user_permission(self, user_group, user):

        """

        Revoke permission for user on given repository group

        :param user_group: Instance of RepoGroup, repositories_group_id,

            or repositories_group name

        :param user: Instance of User, user_id or username

        """

        user_group = self._get_user_group(user_group)

        user = self._get_user(user)

        obj = self.sa.query(UserUserGroupToPerm)\

            .filter(UserUserGroupToPerm.user == user)\

            .filter(UserUserGroupToPerm.user_group == user_group)\

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm on %s on %s' % (user_group, user))

    def grant_user_group_permission(self, target_user_group, user_group, perm):

        """

        Grant user group permission for given target_user_group

        :param target_user_group:

        :param user_group:

        :param perm:

        """

        target_user_group = self._get_user_group(target_user_group)

        user_group = self._get_user_group(user_group)

        permission = self._get_perm(perm)

        # forbid assigning same user group to itself

        if target_user_group == user_group:

            raise RepoGroupAssignmentError('target repo:%s cannot be '

                                           'assigned to itself' % target_user_group)

        # check if we have that permission already

        obj = self.sa.query(UserGroupUserGroupToPerm)\

            .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\

            .filter(UserGroupUserGroupToPerm.user_group == user_group)\

            .scalar()

        if obj is None:

            # create new !

            obj = UserGroupUserGroupToPerm()

        obj.user_group = user_group

        obj.target_user_group = target_user_group

        obj.permission = permission

        self.sa.add(obj)

        log.debug('Granted perm %s to %s on %s' % (perm, target_user_group, user_group))

        return obj

    def revoke_user_group_permission(self, target_user_group, user_group):

        """

        Revoke user group permission for given target_user_group

        :param target_user_group:

        :param user_group:

        """

        target_user_group = self._get_user_group(target_user_group)

        user_group = self._get_user_group(user_group)

        obj = self.sa.query(UserGroupUserGroupToPerm)\

            .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\

            .filter(UserGroupUserGroupToPerm.user_group == user_group)\

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm on %s on %s' % (target_user_group, user_group))

    def enforce_groups(self, user, groups, extern_type=None):

        user = self._get_user(user)

        log.debug('Enforcing groups %s on user %s' % (user, groups))

        current_groups = user.group_member

        # find the external created groups

        externals = [x.users_group for x in current_groups

                     if 'extern_type' in x.users_group.group_data]

        # calculate from what groups user should be removed

        # externals that are not in groups

        for gr in externals:

            if gr.users_group_name not in groups:

                log.debug('Removing user %s from user group %s' % (user, gr))

                self.remove_user_from_group(gr, user)

        # now we calculate in which groups user should be == groups params

        owner = User.get_first_admin().username

        for gr in set(groups):

            existing_group = UserGroup.get_by_group_name(gr)

            if not existing_group:

                desc = 'Automatically created from plugin:%s' % extern_type

                # we use first admin account to set the owner of the group

                existing_group = UserGroupModel().create(gr, desc, owner,

                                        group_data={'extern_type': extern_type})

            # we can only add users to special groups created via plugins

            managed = 'extern_type' in existing_group.group_data

            if managed:

                log.debug('Adding user %s to user group %s' % (user, gr))

                UserGroupModel().add_user_to_group(existing_group, user)

            else:

                log.debug('Skipping addition to group %s since it is '

                          'not managed by auth plugins' % gr)

        ret['followers'] = followers

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_user_group(new_group)

    @parameterized.expand([

        ('repository.admin',),

        ('repository.write',),

        ('repository.read',),

    ])

    def test_api_get_repo_by_non_admin(self, grant_perm):

        RepoModel().grant_user_permission(repo=self.REPO,

                                          user=self.TEST_USER_LOGIN,

                                          perm=grant_perm)

        Session().commit()

        id_, params = _build_data(self.apikey_regular, 'get_repo',

                                  repoid=self.REPO)

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(self.REPO)

        ret = repo.get_api_data()

        members = []

        followers = []

        self.assertEqual(2, len(repo.repo_to_perm))

        for user in repo.repo_to_perm:

            perm = user.permission.permission_name

            user_obj = user.user

            user_data = {'name': user_obj.username, 'type': "user",

                         'permission': perm}

            members.append(user_data)

        for user_group in repo.users_group_to_perm:

            perm = user_group.permission.permission_name

            user_group_obj = user_group.users_group

            user_group_data = {'name': user_group_obj.users_group_name,

                               'type': "user_group", 'permission': perm}

            members.append(user_group_data)

        for user in repo.followers:

            followers.append(user.user.get_api_data())

        ret['members'] = members

        ret['followers'] = followers

        expected = ret

        try:

            self._compare_ok(id_, expected, given=response.body)

        finally:

            RepoModel().revoke_user_permission(self.REPO, self.TEST_USER_LOGIN)

    def test_api_get_repo_by_non_admin_no_permission_to_repo(self):

        RepoModel().grant_user_permission(repo=self.REPO,

                                          user=self.TEST_USER_LOGIN,

                                          perm='repository.none')

        id_, params = _build_data(self.apikey_regular, 'get_repo',

                                  repoid=self.REPO)

        response = api_call(self, params)

        expected = 'repository `%s` does not exist' % (self.REPO)

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_repo_that_doesn_not_exist(self):

        id_, params = _build_data(self.apikey, 'get_repo',

                                  repoid='no-such-repo')

        response = api_call(self, params)

        ret = 'repository `%s` does not exist' % 'no-such-repo'

        expected = ret

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_repos(self):

        id_, params = _build_data(self.apikey, 'get_repos')

        response = api_call(self, params)

        result = []

        for repo in RepoModel().get_all():

            result.append(repo.get_api_data())

        ret = jsonify(result)

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_repos_non_admin(self):

        id_, params = _build_data(self.apikey_regular, 'get_repos')

        response = api_call(self, params)

        result = []

        for repo in RepoModel().get_all_user_repos(self.TEST_USER_LOGIN):

            result.append(repo.get_api_data())

        ret = jsonify(result)

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

    @parameterized.expand([('all', 'all'),

                           ('dirs', 'dirs'),

                           ('files', 'files'), ])

    def test_api_get_repo_nodes(self, name, ret_type):

        rev = 'tip'

        path = '/'

        id_, params = _build_data(self.apikey, 'get_repo_nodes',

                                  repoid=self.REPO, revision=rev,

                                  root_path=path,

                                  ret_type=ret_type)

        response = api_call(self, params)

        # we don't the actual return types here since it's tested somewhere

        # else

        expected = response.json['result']

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_repo_nodes_bad_revisions(self):

        rev = 'i-dont-exist'

        path = '/'

        id_, params = _build_data(self.apikey, 'get_repo_nodes',

                                  repoid=self.REPO, revision=rev,

                                  root_path=path, )

        response = api_call(self, params)

        expected = 'failed to get repo: `%s` nodes' % self.REPO

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_repo_nodes_bad_path(self):

        rev = 'tip'

        path = '/idontexits'

        id_, params = _build_data(self.apikey, 'get_repo_nodes',

                                  repoid=self.REPO, revision=rev,

                                  root_path=path, )

        response = api_call(self, params)

        expected = 'failed to get repo: `%s` nodes' % self.REPO

        self._compare_error(id_, expected, given=response.body)

    def test_api_get_repo_nodes_bad_ret_type(self):

        rev = 'tip'

        path = '/'

        ret_type = 'error'

        id_, params = _build_data(self.apikey, 'get_repo_nodes',

                                  repoid=self.REPO, revision=rev,

                                  root_path=path,

                                  ret_type=ret_type)

        response = api_call(self, params)

        expected = ('ret_type must be one of %s'

                    % (','.join(['files', 'dirs', 'all'])))

        self._compare_error(id_, expected, given=response.body)

    @parameterized.expand([('all', 'all', 'repository.write'),

                           ('dirs', 'dirs', 'repository.admin'),

                           ('files', 'files', 'repository.read'), ])

    def test_api_get_repo_nodes_by_regular_user(self, name, ret_type, grant_perm):

        RepoModel().grant_user_permission(repo=self.REPO,

                                          user=self.TEST_USER_LOGIN,

                                          perm=grant_perm)

        Session().commit()

        rev = 'tip'

        path = '/'

        id_, params = _build_data(self.apikey_regular, 'get_repo_nodes',

                                  repoid=self.REPO, revision=rev,

                                  root_path=path,

                                  ret_type=ret_type)

        response = api_call(self, params)

        # we don't the actual return types here since it's tested somewhere

        # else

        expected = response.json['result']

        try:

            self._compare_ok(id_, expected, given=response.body)

        finally:

            RepoModel().revoke_user_permission(self.REPO, self.TEST_USER_LOGIN)

    def test_api_create_repo(self):

        repo_name = 'api-repo'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        self.assertNotEqual(repo, None)

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_in_group(self):

        repo_name = 'my_gr/api-repo'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,)

        response = api_call(self, params)

        print params

        repo = RepoModel().get_by_repo_name(repo_name)

        self.assertNotEqual(repo, None)

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

        fixture.destroy_repo_group('my_gr')

    def test_api_create_repo_unknown_owner(self):

        repo_name = 'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=owner,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        expected = 'user `%s` does not exist' % owner

        self._compare_error(id_, expected, given=response.body)

    def test_api_create_repo_dont_specify_owner(self):

        repo_name = 'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        self.assertNotEqual(repo, None)

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_by_non_admin(self):

        repo_name = 'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey_regular, 'create_repo',

                                  repo_name=repo_name,

                                  repo_type=self.REPO_TYPE,

        )

        response = api_call(self, params)

        repo = RepoModel().get_by_repo_name(repo_name)

        self.assertNotEqual(repo, None)

        ret = {

            'msg': 'Created new repository `%s`' % repo_name,

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_by_non_admin_specify_owner(self):

        repo_name = 'api-repo'

        owner = 'i-dont-exist'

        id_, params = _build_data(self.apikey_regular, 'create_repo',

                                  repo_name=repo_name,

                                  repo_type=self.REPO_TYPE,

                                  owner=owner)

        response = api_call(self, params)

        expected = 'Only Kallithea admin can specify `owner` param'

        self._compare_error(id_, expected, given=response.body)

        fixture.destroy_repo(repo_name)

    def test_api_create_repo_exists(self):

        repo_name = self.REPO

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,)

        response = api_call(self, params)

        expected = "repo `%s` already exist" % repo_name

        self._compare_error(id_, expected, given=response.body)

    @mock.patch.object(RepoModel, 'create', crash)

    def test_api_create_repo_exception_occurred(self):

        repo_name = 'api-repo'

        id_, params = _build_data(self.apikey, 'create_repo',

                                  repo_name=repo_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

                                  repo_type=self.REPO_TYPE,)

        response = api_call(self, params)

        expected = 'failed to create repository `%s`' % repo_name

        self._compare_error(id_, expected, given=response.body)

    @parameterized.expand([

        ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),

        ('description', {'description': 'new description'}),

        ('active', {'active': True}),

        ('active', {'active': False}),

        ('clone_uri', {'clone_uri': 'http://foo.com/repo'}),

        ('clone_uri', {'clone_uri': None}),

        ('landing_rev', {'landing_rev': 'branch:master'}),

        ('enable_statistics', {'enable_statistics': True}),

        ('enable_locking', {'enable_locking': True}),

        ('enable_downloads', {'enable_downloads': True}),

        ('name', {'name': 'new_repo_name'}),

        ('repo_group', {'group': 'test_group_for_update'}),

    ])

    def test_api_update_repo(self, changing_attr, updates):

        repo_name = 'api_update_me'

        repo = fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        if changing_attr == 'repo_group':

            fixture.create_repo_group(updates['group'])

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        if changing_attr == 'name':

            repo_name = updates['name']

        if changing_attr == 'repo_group':

            repo_name = '/'.join([updates['group'], repo_name])

        try:

            expected = {

                'msg': 'updated repo ID:%s %s' % (repo.repo_id, repo_name),

                'repository': repo.get_api_data()

            }

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

            if changing_attr == 'repo_group':

                fixture.destroy_repo_group(updates['group'])

    def test_api_update_repo_repo_group_does_not_exist(self):

        repo_name = 'admin_owned'

        fixture.create_repo(repo_name)

        updates = {'group': 'test_group_for_update'}

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = 'repository group `%s` does not exist' % updates['group']

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_update_repo_regular_user_not_allowed(self):

        repo_name = 'admin_owned'

        fixture.create_repo(repo_name)

        updates = {'active': False}

        id_, params = _build_data(self.apikey_regular, 'update_repo',

                                  repoid=repo_name, **updates)

        response = api_call(self, params)

        try:

            expected = 'repository `%s` does not exist' % repo_name

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    @mock.patch.object(RepoModel, 'update', crash)

    def test_api_update_repo_exception_occured(self):

        repo_name = 'api_update_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        id_, params = _build_data(self.apikey, 'update_repo',

                                  repoid=repo_name, owner=TEST_USER_ADMIN_LOGIN,)

        response = api_call(self, params)

        try:

            expected = 'failed to update repo `%s`' % repo_name

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_delete_repo(self):

        repo_name = 'api_delete_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        id_, params = _build_data(self.apikey, 'delete_repo',

                                  repoid=repo_name, )

        response = api_call(self, params)

        ret = {

            'msg': 'Deleted repository `%s`' % repo_name,

            'success': True

        }

        try:

            expected = ret

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_delete_repo_by_non_admin(self):

        repo_name = 'api_delete_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE,

                            cur_user=self.TEST_USER_LOGIN)

        id_, params = _build_data(self.apikey_regular, 'delete_repo',

                                  repoid=repo_name, )

        response = api_call(self, params)

        ret = {

            'msg': 'Deleted repository `%s`' % repo_name,

            'success': True

        }

        try:

            expected = ret

            self._compare_ok(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_delete_repo_by_non_admin_no_permission(self):

        repo_name = 'api_delete_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        try:

            id_, params = _build_data(self.apikey_regular, 'delete_repo',

                                      repoid=repo_name, )

            response = api_call(self, params)

            expected = 'repository `%s` does not exist' % (repo_name)

            self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_delete_repo_exception_occurred(self):

        repo_name = 'api_delete_me'

        fixture.create_repo(repo_name, repo_type=self.REPO_TYPE)

        try:

            with mock.patch.object(RepoModel, 'delete', crash):

                id_, params = _build_data(self.apikey, 'delete_repo',

                                          repoid=repo_name, )

                response = api_call(self, params)

                expected = 'failed to delete repository `%s`' % repo_name

                self._compare_error(id_, expected, given=response.body)

        finally:

            fixture.destroy_repo(repo_name)

    def test_api_fork_repo(self):

        fork_name = 'api-repo-fork'

        id_, params = _build_data(self.apikey, 'fork_repo',

                                  repoid=self.REPO,

                                  fork_name=fork_name,

                                  owner=TEST_USER_ADMIN_LOGIN,

        )

        response = api_call(self, params)

        ret = {

            'msg': 'Created fork of `%s` as `%s`' % (self.REPO,

                                                     fork_name),

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(fork_name)

    def test_api_fork_repo_non_admin(self):

        fork_name = 'api-repo-fork'

        id_, params = _build_data(self.apikey_regular, 'fork_repo',

                                  repoid=self.REPO,

                                  fork_name=fork_name,

        )

        response = api_call(self, params)

        ret = {

            'msg': 'Created fork of `%s` as `%s`' % (self.REPO,

                                                     fork_name),

            'success': True,

            'task': None,

        }

        expected = ret

        self._compare_ok(id_, expected, given=response.body)

        fixture.destroy_repo(fork_name)

    def test_api_fork_repo_non_admin_specify_owner(self):

        fork_name = 'api-repo-fork'

        id_, params = _build_data(self.apikey_regular, 'fork_repo',

                                  repoid=self.REPO,